ericalexanderorg (36)

Last Login: August 03, 2020
Assessments
12
Score
36

ericalexanderorg's Contributions (14)

3
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

More detail:
https://swarm.ptsecurity.com/openfire-admin-console/

Stupid easy

GET /plugins/search/......\conf\openfire.xml

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

More detail:
https://swarm.ptsecurity.com/openfire-admin-console/

Stupid easy SSRF

/getFavicon?host=192.168.176.1:8080/secrets.txt?

4
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Low
Technical Analysis

Not enough data ATM to accurately talk risk, but there’s some concerning factors. Taking an educated guess on value & exploitability.

dom-based cross-site scripting

CVSS PR:N – No authentication required

Magento v1 just hit EOL and this patch is only v2. It’s not going to be a simple patch operation for many as they navigate dependencies from the v1 to v2 jump.

Magento put the mage in magecart – it’s a popular target

5

Check out the commit with the fix for pointers on how it can be exploited
https://github.com/grafana/grafana/pull/25322/files

4
Ratings
Technical Analysis

SSRF should be possible through https://vulnerable.host/avatar/redirect

That redirect is tricky since the vulnerable code is splitting on “/” and taking the last value. Need it to hit a url with a vulnerable redirect that can redirect to a metadata URL. From there it may be possible to hit the metadata url and grab STS tokens or pivot elsewhere.

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
3
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Requires authentication but after that it’s a couple of easy hops to get to admin – and with that: pillage secrets, deploy additional backdoor, pillage secrets, review code for additional vulnerabilities. Game over.

https://hackerone.com/reports/827052

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very Low
Technical Analysis

Wording on this alludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be altered to pivot elsewhere. This will be a high when a POC surfaces; for now I’m going lower. The number of much older versions (that also have vulnerabilities) in Shodan suggests many organizations are not keeping up with patching.

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very Low
Technical Analysis

With a CVSS base score of 7.4 and 1.7 million code hits from a Github search, this is looking like it has potential.

1
Ratings
Technical Analysis

SSRF in npm package that’s downloaded 23k/week and is found in 4k Github repos. High because of its value to grab access keys from cloud metadata URLs.

https://hackerone.com/reports/786956

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Low
Technical Analysis

XXE vulnerability in library that’s in use by over 500 projects on Github.

2
Ratings
  • Attacker Value
    High
  • Exploitability
    Very Low
Technical Analysis

Not enough details to fully assess ATM but GitLab is signaling this is a high value vulnerability through: 1) Out of band critical release 2) Withholding details for 30 days (not sure they’ve ever done so).

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very Low
Technical Analysis

Not enough information to accurately assess ATM. Potential to read config file or access files within git repositories. Odds are some of those repositories have secrets that can be used to pivot further.